The Hacker News
@thehackernews
Technologies
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.
📨 Contact: [email protected]
🌐 Website: https://thehackernews.com
Recent posts
Posted Dec 27
⚠️ MongoDB fixed a server flaw that lets unauthenticated users read uninitialized heap memory. The bug, CVE-2025-14847 (8.7), affects releases from 3.6 through 8.2 and is tied to zlib compression handling. Patches are available now. 🔗 Read → https://thehackernews.com/2025/12/new-mongodb-flaw-lets-unauthenticated.html
Posted Dec 26
🛑 Trust Wallet confirmed a security breach in its Chrome extension. Malicious code was inserted into version 2.68, stealing wallet recovery phrases and draining about $7 million. Users must update to v2.69. 🔗 Read details here → https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html
Posted Dec 26
China-linked Evasive Panda ran a targeted DNS poisoning campaign to silently push spyware through fake software updates, Kaspersky reports. 🔗 Learn how poisoned DNS enabled stealth espionage → https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html
Posted Dec 25
ThreatsDayBulletin: Cyber threats are shifting tactics this week. Stealthy loaders now hide in trusted tools, AI chatbot flaws and Docker prompt injection exploits can leak data, and commodity loaders deliver RATs to industry targets. Android NFC malware and fake PoCs add to the risk. 🔗 Read → https://thehackernews.com/2025/12/threatsday-bulletin-stealth-loaders-ai.html
Posted Dec 25
Stolen vault backups from the 2022 LastPass breach are still paying out. $35 Million+ traced as attackers crack weak master passwords years later, draining crypto through 2025. TRM Labs links laundering to Russian exchanges and mixers, despite CoinJoin use. 🔗 Read → https://thehackernews.com/2025/12/lastpass-2022-breach-led-to-years-long.html
Posted Dec 25
Fortinet confirms active exploitation of a FortiOS SSL VPN flaw that bypasses 2FA. CVE-2020-12812 lets attackers log in by changing the case of a username when LDAP is misconfigured. The bug can allow admin or VPN access without second-factor checks. 🔗 Read → https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
Posted Dec 25
CISA added a Digiever NVR bug to its exploited list after confirmed attacks. CVE-2023-52163 allows remote code execution through command injection once logged in. Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched. 🔗 Read → https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html
Posted Dec 24
A new MacSync malware variant hit macOS via a signed and notarized app, letting it bypass Apple Gatekeeper. The fake messaging installer ran like a legitimate app until Apple revoked the certificate. 🔗 Read → https://thehackernews.com/2025/12/new-macsync-macos-stealer-uses-signed.html
Posted Dec 24
Nomani investment scams rose 62% in 2025, ESET says. Campaigns now run on YouTube as well as Facebook, pushing fake returns with AI-made videos. 64,000+ scam URLs were blocked this year. 🔗 How the fraud chain works → https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html
Posted Dec 24
Cybercrime shifted in 2025. 70.5% of data breaches hit SMBs, not large enterprises. Attackers moved to smaller firms after big companies hardened defenses and rejected ransoms. Volume replaced payout size. 🔗 What the data shows from 2025 breaches → https://thehackernews.com/2025/12/attacks-are-evolving-3-ways-to-protect.html
Posted Dec 24
U.S. SEC has charged multiple companies over a crypto scam that took $14M from retail investors. The scheme used WhatsApp investment clubs and fake AI trading signals to push victims onto non-existent crypto platforms. No real trading ever happened. 🔗 Read → https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html
Posted Dec 24
Italy fined Apple €98.6m over how App Tracking Transparency works in the App Store. Regulators say third-party apps must show double consent prompts, while Apple’s own apps get one-tap approval. 🔗 Read → https://thehackernews.com/2025/12/italy-fines-apple-986-million-over-att.html